Upgrade to WordPress 3.4 – Embedding Tweets

I just got the notice that there is a new version of WordPress available, so I did the automatic upgrade and checked out some of the new features. One I think is kind of neat is that you can embed a Tweet within a post just by pasting in the URL, like this:

If everything works as it should, you’ll see the tweet about our new Mayo Clinic iPhone/iPad app being featured in the Apple WWDC keynote embedded below:

So people reading your blog can interact with the tweet directly. It’s much better than taking a screen shot of the tweet and embedding the image.

Cool, huh?

Why do Spammers do this?

This isn’t a metaphysical question about good and evil. I’m really trying to understand what the motivation or payoff is.

Over the last week or so I have been experimenting with BuddyPress as a way of adding social networking features to SMUG. I’ve been impressed with the functionality. Now that I’ve learned some of what I was seeking to discover through the experiment, I have reverted back to the previous theme and disabled BuddyPress.

One of the settings I enabled in BuddyPress allowed visitors to sign up for an account here. They just had to fill out a form, like this (click any of the images to enlarge):

And then they would see a message which said they would be getting an email message with a link to confirm their registration:

When they clicked the link in the email, they would return to the site and see this confirmation:

Today I got a message from a helpful SMUGgle, Michelle Murray, who said she had gotten an “internal server error” message when trying to visit a curriculum post…and that the problem had happened a few times. So I decided to investigate. To cut to the chase, here’s what I discovered:

A whole bunch of new “users” whose names were eerily similar. The extent of the problem is shown in this closeup of the user totals, which you don’t need to click to see clearly:

After I had deleted 50 of them, here is the closeup of the user type breakdown:

In other words, my blog had essentially been the target of a Denial of Service attack by a spam bot creating nearly 6,400 accounts.

As I examined one of the profiles, it seemed odd that the person behind the spam would try this, because it wasn’t immediately apparent what benefit they would derive. Here’s an example of what they had entered for each fake user:

And when you look at the tail end of the Website field, it is just the link to the member profile on SMUG, not some other Web page they wanted to give Google juice.

It seems that the goal is to somehow help a site devoted to offering six-pack abs to its customers (clearly something I could use), but it isn’t (or wasn’t) clear to me how this spamming strategy would drive traffic to that site. Other spam email domains pointed to searsuckersuit, realestatequicksolutions and comfortersonsalenow, all with .coms appended.

On further reflection, it seems perhaps one way this scheme could work would be if the spammer accounts could be used to bypass the Akismet comment filtering. In that way they could include links back to their sites within comments.

Or maybe if my default for new users was to make them Authors instead of Subscribers, it would give the spammers a chance to create new posts with lots of links to their sites:

What do you think? Based on what you see above, what would be the benefit to spammers in creating 6,000+ accounts on a site, without any links back other than in the user email domain, which isn’t published?

Was this just a first step in a plan to eventually unleash a torrent of new posts or comments?

By the way, for the time being I have turned comment moderation on, so I’m not just relying on Akismet. So when you share your thoughts, it may take a little bit for me to moderate and approve the comment.

Meanwhile, does anyone have a recommendation for mass deleting 6,300 spam subscribers in WordPress?

Otherwise, it looks like I’ll be selecting 50 at a click and deleting about 126 times. Should be an hour or so of mindless fun.
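
As an added illustration (not part of the original post, and not WordPress or BuddyPress code), the two signals described above, sign-ups that share an email domain and a Website field that points back at the account's own member profile, can drive a triage pass over a user export before any bulk deletion. The site hostname, column names, threshold and sample rows are assumptions constructed for the example; the email domains are the ones named in the post.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlparse

SITE_HOST = "blog.example.org"  # assumption: placeholder for this site's hostname
MIN_CLUSTER = 3                 # assumption: same-domain sign-ups before a domain is suspect
SHARED_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # big providers are never a cluster signal

# Constructed sample export; logins and IDs are invented, spam domains are those named in the post.
SAMPLE_CSV = """ID,user_login,user_email,user_url,roles
1,admin,owner@blog.example.org,https://blog.example.org/,administrator
7,reader1,reader1@gmail.com,,subscriber
8,reader2,reader2@gmail.com,https://reader2.example.net/,subscriber
9,reader3,reader3@gmail.com,,subscriber
101,abs001,abs001@searsuckersuit.com,https://blog.example.org/members/abs001/,subscriber
102,abs002,abs002@searsuckersuit.com,https://blog.example.org/members/abs002/,subscriber
103,abs003,abs003@searsuckersuit.com,,subscriber
104,abs004,abs004@comfortersonsalenow.com,https://blog.example.org/members/abs004/,subscriber
"""


def email_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def links_to_own_profile(url):
    """True when the Website field points back at a member page on this site."""
    parsed = urlparse(url)
    return parsed.hostname == SITE_HOST and parsed.path.startswith("/members/")


def flag_spam_signups(csv_text):
    """Return {user_id: [reasons]} for subscriber accounts matching either signal."""
    rows = [r for r in csv.DictReader(io.StringIO(csv_text)) if r["roles"] == "subscriber"]
    per_domain = Counter(email_domain(r["user_email"]) for r in rows)
    flagged = {}
    for r in rows:
        reasons = []
        domain = email_domain(r["user_email"])
        if domain not in SHARED_MAIL and per_domain[domain] >= MIN_CLUSTER:
            reasons.append(f"{per_domain[domain]} sign-ups from {domain}")
        if links_to_own_profile(r["user_url"]):
            reasons.append("website field is own member profile")
        if reasons:
            flagged[int(r["ID"])] = reasons
    return flagged


if __name__ == "__main__":
    for user_id, reasons in flag_spam_signups(SAMPLE_CSV).items():
        print(user_id, "; ".join(reasons))
```

The flagged IDs are candidates for review, after which a bulk tool such as WP-CLI's `wp user delete` can remove them in one pass instead of 50 at a click.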

When You Start Your WordPress Blog

Note: This is reposted from what was originally part of the “page” structure of this blog. It shows what you can expect when you decide to start a blog on WordPress.com.

Suus Not Ut Difficile!

====

When you click this link to start a new WordPress blog, you will see a screen something like this:

WordPress Signup Page

All you do then is enter a name, like this:

Aase Family Blog Creation

And then, provided your name is unique enough, you get a message like this:

Blog Created

Congratulations! You now have a blog!

It’s that simple. It’s really that simple.

Getting More Sociable

I mentioned in my last post that I was looking for a way to add the Facebook “Like” button to my posts, and so I’m experimenting with another plugin from Sociable, called Facebook Open Graph. I had already added Facebook Connect functionality through another plugin, but this one theoretically should be better. I may still have a few kinks to work out, and I was disappointed that it didn’t immediately put the “Like” button on my previous posts.

But maybe it only works with new posts, or maybe I have to edit posts to get this button added.

In keeping with the Spirit of SMUG, I’m just giving it a try with this new post, and we’ll see if it works. I’ll keep you updated as I figure it out.

Getting Sociable

Until now, I had been using the Tweet This! and Share This! plug-ins to encourage sharing of posts, and I’m working on getting the Facebook “Like” button installed, so I might switch my Facebook Connect plug-in, too.

This morning I stumbled across a sharing plug-in that I like a lot more than the other two, and I think it makes for a nicer look. It’s called Sociable, and while it supposedly hasn’t been tested for the latest version of WordPress, it seems to be working well.

I like that it lets me choose from among 99 different sharing sites and methods (including email) in one toolbar, and that you can customize both the heading (so I could call out Twitter, Facebook and E-Mail among the options) and the order of the icons.

Here’s a screen shot of all 99 services (click to enlarge):

The ability to customize your blog with plug-ins like this is one of the main advantages of a self-hosted WordPress blog, as opposed to using WordPress.com. Still, WordPress.com is a great way to get your blog started quickly, and you can use domain mapping on WordPress.com to ensure continuity, so that if you decide later to move to self-hosted (as I did with SMUG), you don’t lose your external links.

If you’re using self-hosted WordPress, you might want to get Sociable too…and use the buttons below to share this post with your friends.